GnuTLS Removes Questionable Extension

Version 2.0.2 of the GnuTLS security library does without the TLS authorization extension due to threats of patent claims.

The project took this step because the extension is not critical, but it cannot be ruled out that the extension might be patented. The project prefers to avoid any danger ensuing from a lack of clarity concerning patent claims. At the same time, this step will prevent the technology becoming more widespread. The TLS authorization extension was only added to the library in the version released early in September.

At the last minute a company claimed to have applied for a patent on TLS authorization which had been submitted to the Internet Engineering Task Force (IETF) as a draft standard, says the Free Software Foundation. The IETF had immediately rejected the draft after receiving the notice.

GnuTLS implements the RFC 2246 (Transport Layer Security) TLS standard which is used by many applications for certificate-based encryption. GnuTLS which is released under the LGPLv2 is an alternative to OpenSSL, which is released under the Apache License.